Public Health Systems has filed with the Securities and Exchange Commission that it has been notified by a third-party secure file transfer provider of an incident that resulted in the unauthorized disclosure of patient data. their.
WHY IT IMPORTANT
Managed file transfer platform GoAnywhere first warned about the zero-day remote code injection exploit on February 1, according to a technical bulletin posted by prominent security researcher Brian Krebs on Infosec. exchange.
“The attack vector of this exploit requires access to the application’s admin console, which in most cases is only accessible from within the private corporate network, via [virtual private network] or according to the allowed listed IP addresses (when running in a cloud environment, such as Azure or AWS),” according to the Fortra bulletin that Krebs accessed and shared.
Franklin, Tennessee-based CHS is one of the largest publicly traded hospital systems in the United States. Its portfolio includes 79 acute care hospitals and more than 1,000 other care locations, such as doctors’ clinics, urgent care centers, imaging centers, oncology, etc. spread across 16 states, according to its website.
According to CHS, patient care is not affected.
“The Company believes that the Fortra breach did not have any impact on any of its information systems and did not result in any significant disruption to its business, including including providing patient care,” CHS said Feb. 13. SEC filings are posted on its website.
10 report on Bleepingcomputer, the Clop ransomware gang claims to be behind a wave of 130 attacks in which they compromised the popular MFT platform and stole data.
“The vulnerability, now tracked as CVE-2023-0669, allows attackers to remotely execute code on unpatched GoAnywhere MFT instances with their admin console exposed,” Bleepingcomputer said. with Internet access”.
The story alleges that Clop contacted the publication to claim responsibility for the attacks and said they stole data over a 10-day period. Clop also says that it can traverse networks, but has decided not to deploy ransomware payloads.
CHS was the first to report a data breach in the GoAnywhere attacks, according to the publication’s February 14 report.
TREND TO BIGGER WOMAN
Currently, worms targeting undiscovered vulnerabilities are often combined with a highly selective implementation of ransomware shutdowns.
However, this is not the first time TYT has dealt with the disclosure of protected health information.
In 2014, hackers compromised administrative credentials to gain access to CHSPSC, a management company that owns and provides business-associated services for CHS hospitals and doctor’s clinics. .
The FBI notified CHSPSC that its health information management system was accessed through a virtual private network.
According to the U.S. Department of Health and Human Services, between April and August of that year, cybercriminals infiltrated 237 insured entities served by CHSPSC and stole the PHI of more than 6 million people.
In 2020, the healthcare provider paid a $2.3 million settlement to the Office of Civil Rights for potential HIPAA violations in a dispute that led to to non-compliance.
Zero-day threats are always present. HHS has advised the health sector to patch early, patch often.
The Healthcare Cybersecurity Coordination Center recently warned that the Clop ransomware is also sending infected files disguised as medical images in phishing attacks targeting healthcare facilities. economic.
ON PROFILE
“The Company may have and may in the future incur costs and losses related to this incident that are not covered by insurance,” CHS said in the filing.
In a separate SEC filing on February 15, the private healthcare company reported net operating revenue for the fourth quarter of 2022 totaling $3.142 billion.
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
